Mailing List Archive

route leak from main to vrf
Hello,
I'm trying to leak routes from my main routing table to a VRF.

Using Cisco IOS XE Software, Version 16.09.05 on an ASR1001-X

I've done this config :

ip prefix-list BT_LNS-out seq 5 permit x.x.x.3/32
ip prefix-list BT_LNS-out seq 10 permit x.x.x.4/32

ip prefix-list BT_radius-out seq 5 permit x.x.x.5/32
ip prefix-list BT_radius-out seq 10 permit x.x.x.6/32

route-map BT_bgp-out permit 10
match ip address prefix-list BT_LNS-out BT_radius-out

ip vrf interco_BT
rd 12844:1
import ipv4 unicast map BT_bgp-out

ip route x.x.x.3 255.255.255.255 Loopback0
ip route x.x.x.4 255.255.255.255 <next-hop>
ip route x.x.x.5 255.255.255.255 <next-hop>
ip route x.x.x.6 255.255.255.255 <next-hop>

so my main routing table has routes to x.x.x.[3-6]/32 but I'm unable to see
the routes in the VRF "interco_BT".

Tried to add route in the vrf :
ip route vrf interco_BT x.x.x.3 255.255.255.255 loopback 0
% For VPN or topology routes, must specify a next hop IP address if not a
point-to-point interface

I guess I'm missing something.
Can somebody tell me where I am wrong, please?

Thank you.
Regards,
Cédric
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
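
The import policy from the post above, resolved to the prefixes it would admit into the VRF, as an added example that is not part of the thread: it follows the route-map to its prefix-lists and flags any entry wider than a host route. The 192.0.2.x addresses stand in for the post's x.x.x.N placeholders, `leaked_prefixes` and `too_broad` are hypothetical helper names, and only `permit` entries are considered.

```python
import ipaddress
import re

# Constructed sample: the post's config with x.x.x.N replaced by RFC 5737
# documentation addresses (192.0.2.N) so the prefixes parse.
SAMPLE_CONFIG = """\
ip prefix-list BT_LNS-out seq 5 permit 192.0.2.3/32
ip prefix-list BT_LNS-out seq 10 permit 192.0.2.4/32
ip prefix-list BT_radius-out seq 5 permit 192.0.2.5/32
ip prefix-list BT_radius-out seq 10 permit 192.0.2.6/32
route-map BT_bgp-out permit 10
 match ip address prefix-list BT_LNS-out BT_radius-out
ip vrf interco_BT
 rd 12844:1
 import ipv4 unicast map BT_bgp-out
"""

def leaked_prefixes(config):
    """Map each VRF to the (network, ge/le modifier) entries its import map permits."""
    plists, rmaps, imports = {}, {}, {}
    rmap = vrf = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ip prefix-list (\S+) seq \d+ permit (\S+)(?: (.+))?$", line):
            entry = (ipaddress.ip_network(m[2]), m[3] or "")
            plists.setdefault(m[1], []).append(entry)
        elif m := re.match(r"route-map (\S+) permit \d+$", line):
            rmap, vrf = m[1], None
            rmaps.setdefault(rmap, [])
        elif m := re.match(r"ip vrf (\S+)$", line):
            vrf, rmap = m[1], None
        elif rmap and (m := re.match(r"match ip address prefix-list (.+)$", line)):
            # Several prefix-lists on one match line are ORed together.
            rmaps[rmap].extend(m[1].split())
        elif vrf and (m := re.match(r"import ipv4 unicast (?:\d+ )?map (\S+)$", line)):
            imports[vrf] = m[1]
    result = {}
    for vrf_name, map_name in imports.items():
        entries = {e for pl in rmaps.get(map_name, []) for e in plists.get(pl, [])}
        result[vrf_name] = sorted(entries)
    return result

def too_broad(entries):
    """Return entries that admit more than a single host route."""
    return [e for e in entries if e[0].prefixlen < e[0].max_prefixlen or e[1]]

if __name__ == "__main__":
    for name, entries in leaked_prefixes(SAMPLE_CONFIG).items():
        print(name, [str(n) for n, _ in entries], "broad:", too_broad(entries))
```
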
Re: route leak from main to vrf
Possibly consider using VASI interfaces: https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/200255-Configure-VRF-Aware-Software-Infrastruct.html

I’ve used them successfully to leak routes between VRF and GRT without physical loopback cable, etc.

q.
--
Quinn Snyder | snyderq@gmail.com | +1 480 619 2749

> On Jan 8, 2021, at 03:38, BASSAGET Cédric <cedric.bassaget.ml@gmail.com> wrote:
>
> Hello,
> I'm trying to leak routes from my main routing table to a VRF.
>
> Using Cisco IOS XE Software, Version 16.09.05 on an ASR1001-X
>
> I've done this config :
>
> ip prefix-list BT_LNS-out seq 5 permit x.x.x.3/32
> ip prefix-list BT_LNS-out seq 10 permit x.x.x.4/32
>
> ip prefix-list BT_radius-out seq 5 permit x.x.x.5/32
> ip prefix-list BT_radius-out seq 10 permit x.x.x.6/32
>
> route-map BT_bgp-out permit 10
> match ip address prefix-list BT_LNS-out BT_radius-out
>
> ip vrf interco_BT
> rd 12844:1
> import ipv4 unicast map BT_bgp-out
>
> ip route x.x.x.3 255.255.255.255 Loopback0
> ip route x.x.x.4 255.255.255.255 <next-hop>
> ip route x.x.x.5 255.255.255.255 <next-hop>
> ip route x.x.x.6 255.255.255.255 <next-hop>
>
> so my main routing table has routes to x.x.x.[3-6]/32 but I'm unable to see
> the routes in the VRF "interco_BT".
>
> Tried to add route in the vrf :
> ip route vrf interco_BT x.x.x.3 255.255.255.255 loopback 0
> % For VPN or topology routes, must specify a next hop IP address if not a
> point-to-point interface
>
> I guess I'm missing something.
> Can somebody tell me where I am wrong, please?
>
> Thank you.
> Regards,
> Cédric

Re: route leak from main to vrf
On Fri, 8 Jan 2021 at 10:44, BASSAGET Cédric
<cedric.bassaget.ml@gmail.com> wrote:
>
> Hello,
> I'm trying to leak routes from my main routing table to a VRF.
>
> Using Cisco IOS XE Software, Version 16.09.05 on an ASR1001-X
>
> I've done this config :
>
> ip prefix-list BT_LNS-out seq 5 permit x.x.x.3/32
> ip prefix-list BT_LNS-out seq 10 permit x.x.x.4/32
>
> ip prefix-list BT_radius-out seq 5 permit x.x.x.5/32
> ip prefix-list BT_radius-out seq 10 permit x.x.x.6/32
>
> route-map BT_bgp-out permit 10
> match ip address prefix-list BT_LNS-out BT_radius-out
>
> ip vrf interco_BT
> rd 12844:1
> import ipv4 unicast map BT_bgp-out
>
> ip route x.x.x.3 255.255.255.255 Loopback0
> ip route x.x.x.4 255.255.255.255 <next-hop>
> ip route x.x.x.5 255.255.255.255 <next-hop>
> ip route x.x.x.6 255.255.255.255 <next-hop>
>
> so my main routing table has routes to x.x.x.[3-6]/32 but I'm unable to see
> the routes in the VRF "interco_BT".
>
> Tried to add route in the vrf :
> ip route vrf interco_BT x.x.x.3 255.255.255.255 loopback 0
> % For VPN or topology routes, must specify a next hop IP address if not a
> point-to-point interface
>
> I guess I'm missing something.
> Can somebody tell me where I am wrong, please?

Hi Cedric,

I haven't tried route leaking between a VRF and the GRT in ages, so I
can't really remember the caveats. With regards to the static route, I
can remember that you can have a static from a VRF to the GRT, but not
from the GRT to a VRF (so you'll have no return route):

ip route vrf interco_BT x.x.x.3 255.255.255.255 y.y.y.y global

The "global" keyword is needed for a static route inside a VRF with a
next hop in the GRT. I don't believe there is an equivalent method for
GRT to VRF though.

It looks like you're trying to route leak loopback interface IPs
though - if that is accurate, you can create another loopback
interface within the VRF with the same IP(s) as your GRT loopback.

Cheers,
James.

Re: route leak from main to vrf
I've dealt with this frustration as well. What finally worked for me was
to use a VLAN ID associated with the interface.

Good luck,

Joe

On 1/8/2021 5:38 AM, BASSAGET Cédric wrote:
> Hello,
> I'm trying to leak routes from my main routing table to a VRF.
>
> Using Cisco IOS XE Software, Version 16.09.05 on an ASR1001-X
>
> I've done this config :
>
> ip prefix-list BT_LNS-out seq 5 permit x.x.x.3/32
> ip prefix-list BT_LNS-out seq 10 permit x.x.x.4/32
>
> ip prefix-list BT_radius-out seq 5 permit x.x.x.5/32
> ip prefix-list BT_radius-out seq 10 permit x.x.x.6/32
>
> route-map BT_bgp-out permit 10
> match ip address prefix-list BT_LNS-out BT_radius-out
>
> ip vrf interco_BT
> rd 12844:1
> import ipv4 unicast map BT_bgp-out
>
> ip route x.x.x.3 255.255.255.255 Loopback0
> ip route x.x.x.4 255.255.255.255 <next-hop>
> ip route x.x.x.5 255.255.255.255 <next-hop>
> ip route x.x.x.6 255.255.255.255 <next-hop>
>
> so my main routing table has routes to x.x.x.[3-6]/32 but I'm unable to see
> the routes in the VRF "interco_BT".
>
> Tried to add route in the vrf :
> ip route vrf interco_BT x.x.x.3 255.255.255.255 loopback 0
> % For VPN or topology routes, must specify a next hop IP address if not a
> point-to-point interface
>
> I guess I'm missing something.
> Can somebody tell me where I am wrong, please?
>
> Thank you.
> Regards,
> Cédric